package io.renren.common.xss;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.List;

public class XssFilter implements Filter {

	private List<String> whiteList;

	public void setWhiteList(List<String> whiteList) {
		this.whiteList = whiteList;
	}

	@Override
	public void init(FilterConfig config) {
	}

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		HttpServletRequest httpRequest = (HttpServletRequest) request;
		String uri = httpRequest.getRequestURI();

		// 检查请求 URI 是否在白名单中
		if (whiteList != null && whiteList.contains(uri)) {
			chain.doFilter(request, response);
		} else {
			XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper(httpRequest);
			chain.doFilter(xssRequest, response);
		}
	}

	@Override
	public void destroy() {
	}
}
